TrojanDownloader:Win32/Deseq.A
First posted on 03 December 2009.
Source: SecurityHome
Aliases :
TrojanDownloader:Win32/Deseq.A is also known as Generic Downloader.x!bqo (McAfee), Trojan-Downloader.Win32.Agent.ctgs (Kaspersky), Win-Trojan/Agent.61440.WZ (AhnLab).
Explanation :
TrojanDownloader:Win32/Deseq.A is a trojan that downloads and executes arbitrary files.
Installation
When executed, TrojanDownloader:Win32/Deseq.A may drop the following file and run it:
<system folder>\sq2exd32.exe
The trojan then modifies the following registry entry to ensure that this file is executed at each Windows start:
Sets value: "load"
With data: "<system folder>\sq2exd32.exe"
To subkey: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
It also creates the mutex "HH2200VV-80233" to ensure that multiple copies of the trojan do not run simultaneously.
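A read-only triage check for the installation artefacts listed above, written for this page as an added example (not part of the original entry). It assumes "<system folder>" means the Windows system directory or its 32-bit counterpart on 64-bit Windows, and that it runs in the affected user's logon session, since the HKCU value is per user and an unprefixed mutex name is per session.

```powershell
# Added example: reports whether the dropped file, the "load" value and the
# mutex described in this entry are present. It reads only and changes nothing.
$fileName  = 'sq2exd32.exe'
$mutexName = 'HH2200VV-80233'
$regPath   = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

# Assumption: "<system folder>" is System32, or SysWOW64 when a 32-bit
# process is redirected on 64-bit Windows. Both are checked.
$systemDirs = @(
    [Environment]::SystemDirectory,
    [Environment]::GetFolderPath('SystemX86')
) | Select-Object -Unique

# 1. Dropped file
$droppedFiles = @($systemDirs |
    ForEach-Object { Join-Path $_ $fileName } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

# 2. "load" value for the current user. It is normally absent or empty,
#    so any data here deserves review even if it names a different file.
$loadData = (Get-ItemProperty -LiteralPath $regPath -Name 'load' `
                -ErrorAction SilentlyContinue).load
$loadSet       = -not [string]::IsNullOrWhiteSpace($loadData)
$loadNamesFile = $loadSet -and ($loadData -like "*$fileName*")

# 3. Mutex in the current session: present only while the trojan is running
$mutexSeen = $false
$handle    = $null
try {
    $mutexSeen = [System.Threading.Mutex]::TryOpenExisting($mutexName, [ref]$handle)
} catch [System.UnauthorizedAccessException] {
    $mutexSeen = $true    # the object exists but this account may not open it
} finally {
    if ($handle) { $handle.Dispose() }
}

[pscustomobject]@{
    DroppedFiles  = $droppedFiles -join '; '
    LoadValueData = $loadData
    LoadValueSet  = $loadSet
    LoadNamesFile = $loadNamesFile
    MutexSeen     = $mutexSeen
    AnyIndicator  = ($droppedFiles.Count -gt 0) -or $loadNamesFile -or $mutexSeen
}
```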
Payload
Downloads and executes arbitrary files
TrojanDownloader:Win32/Deseq.A may download files from the following sites:
www.123cha.com
us1.kenmartinhao.com
Files downloaded may include a configuration file (h1.htm) that contains the locations and names of additional files for the trojan to download.
It may also post system information about the affected computer, such as MAC address, IP address, OS, or language information, to the same remote sites.
Analysis by Lena Lin
Last update 03 December 2009